mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-31 18:15:20 +00:00
main: rename landlock_config to landlock_rules
To keep the naming consistent, rename all uses of landlock_config to landlock_rules. Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
This commit is contained in:
parent
b9f086bcb3
commit
bd180bc3eb
@ -191,7 +191,7 @@ impl RequestHandler for StubApiRequestHandler {
|
|||||||
tpm: None,
|
tpm: None,
|
||||||
preserved_fds: None,
|
preserved_fds: None,
|
||||||
landlock_enable: false,
|
landlock_enable: false,
|
||||||
landlock_config: None,
|
landlock_rules: None,
|
||||||
})),
|
})),
|
||||||
state: VmState::Running,
|
state: VmState::Running,
|
||||||
memory_actual_size: 0,
|
memory_actual_size: 0,
|
||||||
|
@ -1066,7 +1066,7 @@ mod unit_tests {
|
|||||||
tpm: None,
|
tpm: None,
|
||||||
preserved_fds: None,
|
preserved_fds: None,
|
||||||
landlock_enable: false,
|
landlock_enable: false,
|
||||||
landlock_config: None,
|
landlock_rules: None,
|
||||||
};
|
};
|
||||||
|
|
||||||
assert_eq!(expected_vm_config, result_vm_config);
|
assert_eq!(expected_vm_config, result_vm_config);
|
||||||
|
@ -497,7 +497,7 @@ pub struct VmParams<'a> {
|
|||||||
#[cfg(feature = "sev_snp")]
|
#[cfg(feature = "sev_snp")]
|
||||||
pub host_data: Option<&'a str>,
|
pub host_data: Option<&'a str>,
|
||||||
pub landlock_enable: bool,
|
pub landlock_enable: bool,
|
||||||
pub landlock_config: Option<Vec<&'a str>>,
|
pub landlock_rules: Option<Vec<&'a str>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> VmParams<'a> {
|
impl<'a> VmParams<'a> {
|
||||||
@ -564,7 +564,7 @@ impl<'a> VmParams<'a> {
|
|||||||
#[cfg(feature = "sev_snp")]
|
#[cfg(feature = "sev_snp")]
|
||||||
let host_data = args.get_one::<String>("host-data").map(|x| x as &str);
|
let host_data = args.get_one::<String>("host-data").map(|x| x as &str);
|
||||||
let landlock_enable = args.get_flag("landlock");
|
let landlock_enable = args.get_flag("landlock");
|
||||||
let landlock_config: Option<Vec<&str>> = args
|
let landlock_rules: Option<Vec<&str>> = args
|
||||||
.get_many::<String>("landlock-rules")
|
.get_many::<String>("landlock-rules")
|
||||||
.map(|x| x.map(|y| y as &str).collect());
|
.map(|x| x.map(|y| y as &str).collect());
|
||||||
|
|
||||||
@ -606,7 +606,7 @@ impl<'a> VmParams<'a> {
|
|||||||
#[cfg(feature = "sev_snp")]
|
#[cfg(feature = "sev_snp")]
|
||||||
host_data,
|
host_data,
|
||||||
landlock_enable,
|
landlock_enable,
|
||||||
landlock_config,
|
landlock_rules,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2725,9 +2725,9 @@ impl VmConfig {
|
|||||||
.map(|p| p.iommu_segments.is_some())
|
.map(|p| p.iommu_segments.is_some())
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
|
|
||||||
if let Some(landlock_configs) = &self.landlock_config {
|
if let Some(landlock_rules) = &self.landlock_rules {
|
||||||
for landlock_config in landlock_configs {
|
for landlock_rule in landlock_rules {
|
||||||
landlock_config.validate()?;
|
landlock_rule.validate()?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2901,10 +2901,10 @@ impl VmConfig {
|
|||||||
#[cfg(feature = "guest_debug")]
|
#[cfg(feature = "guest_debug")]
|
||||||
let gdb = vm_params.gdb;
|
let gdb = vm_params.gdb;
|
||||||
|
|
||||||
let mut landlock_config: Option<Vec<LandlockConfig>> = None;
|
let mut landlock_rules: Option<Vec<LandlockConfig>> = None;
|
||||||
if let Some(ll_config) = vm_params.landlock_config {
|
if let Some(ll_rules) = vm_params.landlock_rules {
|
||||||
landlock_config = Some(
|
landlock_rules = Some(
|
||||||
ll_config
|
ll_rules
|
||||||
.iter()
|
.iter()
|
||||||
.map(|rule| LandlockConfig::parse(rule))
|
.map(|rule| LandlockConfig::parse(rule))
|
||||||
.collect::<Result<Vec<LandlockConfig>>>()?,
|
.collect::<Result<Vec<LandlockConfig>>>()?,
|
||||||
@ -2943,7 +2943,7 @@ impl VmConfig {
|
|||||||
tpm,
|
tpm,
|
||||||
preserved_fds: None,
|
preserved_fds: None,
|
||||||
landlock_enable: vm_params.landlock_enable,
|
landlock_enable: vm_params.landlock_enable,
|
||||||
landlock_config,
|
landlock_rules,
|
||||||
};
|
};
|
||||||
config.validate().map_err(Error::Validation)?;
|
config.validate().map_err(Error::Validation)?;
|
||||||
Ok(config)
|
Ok(config)
|
||||||
@ -3070,7 +3070,7 @@ impl Clone for VmConfig {
|
|||||||
.as_ref()
|
.as_ref()
|
||||||
// SAFETY: FFI call with valid FDs
|
// SAFETY: FFI call with valid FDs
|
||||||
.map(|fds| fds.iter().map(|fd| unsafe { libc::dup(*fd) }).collect()),
|
.map(|fds| fds.iter().map(|fd| unsafe { libc::dup(*fd) }).collect()),
|
||||||
landlock_config: self.landlock_config.clone(),
|
landlock_rules: self.landlock_rules.clone(),
|
||||||
..*self
|
..*self
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -3870,7 +3870,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
]),
|
]),
|
||||||
landlock_enable: false,
|
landlock_enable: false,
|
||||||
landlock_config: None,
|
landlock_rules: None,
|
||||||
};
|
};
|
||||||
|
|
||||||
let valid_config = RestoreConfig {
|
let valid_config = RestoreConfig {
|
||||||
@ -4060,7 +4060,7 @@ mod tests {
|
|||||||
tpm: None,
|
tpm: None,
|
||||||
preserved_fds: None,
|
preserved_fds: None,
|
||||||
landlock_enable: false,
|
landlock_enable: false,
|
||||||
landlock_config: None,
|
landlock_rules: None,
|
||||||
};
|
};
|
||||||
|
|
||||||
assert!(valid_config.validate().is_ok());
|
assert!(valid_config.validate().is_ok());
|
||||||
|
@ -2243,7 +2243,7 @@ mod unit_tests {
|
|||||||
tpm: None,
|
tpm: None,
|
||||||
preserved_fds: None,
|
preserved_fds: None,
|
||||||
landlock_enable: false,
|
landlock_enable: false,
|
||||||
landlock_config: None,
|
landlock_rules: None,
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -798,7 +798,7 @@ pub struct VmConfig {
|
|||||||
pub preserved_fds: Option<Vec<i32>>,
|
pub preserved_fds: Option<Vec<i32>>,
|
||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
pub landlock_enable: bool,
|
pub landlock_enable: bool,
|
||||||
pub landlock_config: Option<Vec<LandlockConfig>>,
|
pub landlock_rules: Option<Vec<LandlockConfig>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl VmConfig {
|
impl VmConfig {
|
||||||
@ -876,9 +876,9 @@ impl VmConfig {
|
|||||||
landlock.add_rule_with_access("/dev/net/tun".into(), "rw")?;
|
landlock.add_rule_with_access("/dev/net/tun".into(), "rw")?;
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(landlock_configs) = &self.landlock_config {
|
if let Some(landlock_rules) = &self.landlock_rules {
|
||||||
for landlock_config in landlock_configs.iter() {
|
for landlock_rule in landlock_rules.iter() {
|
||||||
landlock_config.apply_landlock(&mut landlock)?;
|
landlock_rule.apply_landlock(&mut landlock)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user